An FPGA implementation of AES with fault analysis countermeasures

Fault analysis attacks are powerful cryptanalytic tools that are applicable to many types of cryptosystems. Inducing multiple transient faults and observing the output of the faulty cryptographic device may allow the attacker to collect sufficient information for extracting secret keys and even using the device after breaking the cipher. In this paper, we investigate several options for fault analysis resistant FPGA implementations of the Advanced Encryption Standard (AES), which has become the default choice for various security services in many applications since its adaption as a new encryption standard by NIST. In particular, we compare the throughput and area overheads associated with parity based error detection and (algorithm level, round level and operation level) redundancy based countermeasures. Our comparison also include implementations that already employ some additional countermeasures against power analysis attacks.